PT-2017-16576 · None+2 · Libtiff+2
Wang Junjie · Published 2017-01-23 · Updated 2026-03-31 · CVE-2017-5563
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
LibTIFF version 4.0.7
Description
The issue is a heap-based buffer over-read in the tif_lzw.c file, which can result in denial of service (DoS) or code execution. It can be triggered by a crafted BMP image when using the tools/bmp2tiff utility.
Recommendations
For LibTIFF version 4.0.7, avoid processing untrusted BMP images with the bmp2tiff tool until a patch is available. As a temporary workaround, restrict access to the tif_lzw.c code path to minimize the risk of exploitation.
Fix
DoS
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Libtiff
Ubuntu